Next: , Previous: pcsys_quickstart, Up: QEMU PC System emulator


3.3 Invocation


usage: qemu [options] [disk_image]

disk_image is a raw hard disk image for IDE hard disk 0.

General options:

-M machine
Select the emulated machine (-M ? for list)
-fda file
-fdb file
Use file as floppy disk 0/1 image (see disk_images). You can use the host floppy by using /dev/fd0 as filename (see host_drives).
-hda file
-hdb file
-hdc file
-hdd file
Use file as hard disk 0, 1, 2 or 3 image (see disk_images).
-cdrom file
Use file as CD-ROM image (you cannot use -hdc and -cdrom at the same time). You can use the host CD-ROM by using /dev/cdrom as filename (see host_drives).
-drive option[,option[,option[,...]]]
Define a new drive. Valid options are:
file=file
This option defines which disk image (see disk_images) to use with this drive.
if=interface
This option defines on which type on interface the drive is connected. Available types are: ide, scsi, sd, mtd, floppy, pflash.
bus=bus,unit=unit
These options define where is connected the drive by defining the bus number and the unit id.
index=index
This option defines where is connected the drive by using an index in the list of available connectors of a given interface type.
media=media
This option defines the type of the media: disk or cdrom.
cyls=c,heads=h,secs=s[,trans=t]
These options have the same definition as they have in -hdachs.
snapshot=snapshot
snapshot is "on" or "off" and allows to enable snapshot for given drive (see -snapshot).
cache=cache
cache is "on" or "off" and allows to disable host cache to access data.

Instead of -cdrom you can use:

     qemu -drive file=file,index=2,media=cdrom

Instead of -hda, -hdb, -hdc, -hdd, you can use:

     qemu -drive file=file,index=0,media=disk
     qemu -drive file=file,index=1,media=disk
     qemu -drive file=file,index=2,media=disk
     qemu -drive file=file,index=3,media=disk

You can connect a CDROM to the slave of ide0:

     qemu -drive file=file,if=ide,index=1,media=cdrom

If you don't specify the "file=" argument, you define an empty drive:

     qemu -drive if=ide,index=1,media=cdrom

You can connect a SCSI disk with unit ID 6 on the bus #0:

     qemu -drive file=file,if=scsi,bus=0,unit=6

Instead of -fda, -fdb, you can use:

     qemu -drive file=file,index=0,if=floppy
     qemu -drive file=file,index=1,if=floppy

By default, interface is "ide" and index is automatically incremented:

     qemu -drive file=a -drive file=b"

is interpreted like:

     qemu -hda a -hdb b

-boot [a|c|d|n]
Boot on floppy (a), hard disk (c), CD-ROM (d), or Etherboot (n). Hard disk boot is the default.
-snapshot
Write to temporary files instead of disk image files. In this case, the raw disk image you use is not written back. You can however force the write back by pressing <C-a s> (see disk_images).
-no-fd-bootchk
Disable boot signature checking for floppy disks in Bochs BIOS. It may be needed to boot from old floppy disks.
-m megs
Set virtual RAM size to megs megabytes. Default is 128 MiB.
-smp n
Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs to 4.
-audio-help
Will show the audio subsystem help: list of drivers, tunable parameters.
-soundhw card1[,card2,...] or -soundhw all
Enable audio and selected sound hardware. Use ? to print all available sound hardware.
     qemu -soundhw sb16,adlib hda
     qemu -soundhw es1370 hda
     qemu -soundhw all hda
     qemu -soundhw ?

-localtime
Set the real time clock to local time (the default is to UTC time). This option is needed to have correct date in MS-DOS or Windows.
-startdate date
Set the initial date of the real time clock. Valid format for date are: now or 2006-06-17T16:01:21 or 2006-06-17. The default value is now.
-pidfile file
Store the QEMU process PID in file. It is useful if you launch QEMU from a script.
-daemonize
Daemonize the QEMU process after initialization. QEMU will not detach from standard IO until it is ready to receive connections on any of its devices. This option is a useful way for external programs to launch QEMU without having to cope with initialization race conditions.
-win2k-hack
Use it when installing Windows 2000 to avoid a disk full bug. After Windows 2000 is installed, you no longer need this option (this option slows down the IDE transfers).
-option-rom file
Load the contents of file as an option ROM. This option is useful to load things like EtherBoot.
-name name
Sets the name of the guest. This name will be display in the SDL window caption. The name will also be used for the VNC server.

Display options:

-nographic
Normally, QEMU uses SDL to display the VGA output. With this option, you can totally disable graphical output so that QEMU is a simple command line application. The emulated serial port is redirected on the console. Therefore, you can still use QEMU to debug a Linux kernel with a serial console.
-no-frame
Do not use decorations for SDL windows and start them using the whole available screen space. This makes the using QEMU in a dedicated desktop workspace more convenient.
-full-screen
Start in full screen.
-vnc display[,option[,option[,...]]]
Normally, QEMU uses SDL to display the VGA output. With this option, you can have QEMU listen on VNC display display and redirect the VGA display over the VNC session. It is very useful to enable the usb tablet device when using this option (option -usbdevice tablet). When using the VNC display, you must use the -k parameter to set the keyboard layout if you are not using en-us. Valid syntax for the display is
interface:d
TCP connections will only be allowed from interface on display d. By convention the TCP port is 5900+d. Optionally, interface can be omitted in which case the server will bind to all interfaces.
unix:path
Connections will be allowed over UNIX domain sockets where path is the location of a unix socket to listen for connections on.
none
VNC is initialized by not started. The monitor change command can be used to later start the VNC server.

Following the display value there may be one or more option flags separated by commas. Valid options are

password
Require that password based authentication is used for client connections. The password must be set separately using the change command in the pcsys_monitor
tls
Require that client use TLS when communicating with the VNC server. This uses anonymous TLS credentials so is susceptible to a man-in-the-middle attack. It is recommended that this option be combined with either the x509 or x509verify options.
x509=/path/to/certificate/dir
Valid if tls is specified. Require that x509 credentials are used for negotiating the TLS session. The server will send its x509 certificate to the client. It is recommended that a password be set on the VNC server to provide authentication of the client when this is used. The path following this option specifies where the x509 certificates are to be loaded from. See the vnc_security section for details on generating certificates.
x509verify=/path/to/certificate/dir
Valid if tls is specified. Require that x509 credentials are used for negotiating the TLS session. The server will send its x509 certificate to the client, and request that the client send its own x509 certificate. The server will validate the client's certificate against the CA certificate, and reject clients when validation fails. If the certificate authority is trusted, this is a sufficient authentication mechanism. You may still wish to set a password on the VNC server as a second authentication layer. The path following this option specifies where the x509 certificates are to be loaded from. See the vnc_security section for details on generating certificates.

-k language
Use keyboard layout language (for example fr for French). This option is only needed where it is not easy to get raw PC keycodes (e.g. on Macs, with some X11 servers or with a VNC display). You don't normally need to use it on PC/Linux or PC/Windows hosts.

The available layouts are:

     ar  de-ch  es  fo     fr-ca  hu  ja  mk     no  pt-br  sv
     da  en-gb  et  fr     fr-ch  is  lt  nl     pl  ru     th
     de  en-us  fi  fr-be  hr     it  lv  nl-be  pt  sl     tr

The default is en-us.

USB options:

-usb
Enable the USB driver (will be the default soon)
-usbdevice devname
Add the USB device devname. See usb_devices.

Network options:

-net nic[,vlan=n][,macaddr=addr][,model=type]
Create a new Network Interface Card and connect it to VLAN n (n = 0 is the default). The NIC is an ne2k_pci by default on the PC target. Optionally, the MAC address can be changed. If no -net option is specified, a single NIC is created. Qemu can emulate several different models of network card. Valid values for type are i82551, i82557b, i82559er, ne2k_pci, ne2k_isa, pcnet, rtl8139, smc91c111, lance and mcf_fec. Not all devices are supported on all targets. Use -net nic,model=? for a list of available devices for your target.
-net user[,vlan=n][,hostname=name]
Use the user mode network stack which requires no administrator privilege to run. hostname=name can be used to specify the client hostname reported by the builtin DHCP server.
-net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
Connect the host TAP network interface name to VLAN n and use the network script file to configure it. The default network script is /etc/qemu-ifup. Use script=no to disable script execution. If name is not provided, the OS automatically provides one. fd=h can be used to specify the handle of an already opened host TAP interface. Example:
     qemu linux.img -net nic -net tap

More complicated example (two NICs, each one connected to a TAP device)

     qemu linux.img -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \
                    -net nic,vlan=1 -net tap,vlan=1,ifname=tap1

-net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
Connect the VLAN n to a remote VLAN in another QEMU virtual machine using a TCP socket connection. If listen is specified, QEMU waits for incoming connections on port (host is optional). connect is used to connect to another QEMU instance using the listen option. fd=h specifies an already opened TCP socket.

Example:

     # launch a first QEMU instance
     qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
                    -net socket,listen=:1234
     # connect the VLAN 0 of this instance to the VLAN 0
     # of the first instance
     qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
                    -net socket,connect=127.0.0.1:1234

-net socket[,vlan=n][,fd=h][,mcast=maddr:port]
Create a VLAN n shared with another QEMU virtual machines using a UDP multicast socket, effectively making a bus for every QEMU with same multicast address maddr and port. NOTES:
  1. Several QEMU can be running on different hosts and share same bus (assuming correct multicast setup for these hosts).
  2. mcast support is compatible with User Mode Linux (argument ethN=mcast), see http://user-mode-linux.sf.net.
  3. Use fd=h to specify an already opened UDP multicast socket.

Example:

     # launch one QEMU instance
     qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
                    -net socket,mcast=230.0.0.1:1234
     # launch another QEMU instance on same "bus"
     qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
                    -net socket,mcast=230.0.0.1:1234
     # launch yet another QEMU instance on same "bus"
     qemu linux.img -net nic,macaddr=52:54:00:12:34:58 \
                    -net socket,mcast=230.0.0.1:1234

Example (User Mode Linux compat.):

     # launch QEMU instance (note mcast address selected
     # is UML's default)
     qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
                    -net socket,mcast=239.192.168.1:1102
     # launch UML
     /path/to/linux ubd0=/path/to/root_fs eth0=mcast

-net none
Indicate that no network devices should be configured. It is used to override the default configuration (-net nic -net user) which is activated if no -net options are provided.
-tftp dir
When using the user mode network stack, activate a built-in TFTP server. The files in dir will be exposed as the root of a TFTP server. The TFTP client on the guest must be configured in binary mode (use the command bin of the Unix TFTP client). The host IP address on the guest is as usual 10.0.2.2.
-bootp file
When using the user mode network stack, broadcast file as the BOOTP filename. In conjunction with -tftp, this can be used to network boot a guest from a local directory.

Example (using pxelinux):

     qemu -hda linux.img -boot n -tftp /path/to/tftp/files -bootp /pxelinux.0

-smb dir
When using the user mode network stack, activate a built-in SMB server so that Windows OSes can access to the host files in dir transparently.

In the guest Windows OS, the line:

     10.0.2.4 smbserver

must be added in the file C:\WINDOWS\LMHOSTS (for windows 9x/Me) or C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS (Windows NT/2000).

Then dir can be accessed in \\smbserver\qemu.

Note that a SAMBA server must be installed on the host OS in /usr/sbin/smbd. QEMU was tested successfully with smbd version 2.2.7a from the Red Hat 9 and version 3.0.10-1.fc3 from Fedora Core 3.

-redir [tcp|udp]:host-port:[guest-host]:guest-port
When using the user mode network stack, redirect incoming TCP or UDP connections to the host port host-port to the guest guest-host on guest port guest-port. If guest-host is not specified, its value is 10.0.2.15 (default address given by the built-in DHCP server).

For example, to redirect host X11 connection from screen 1 to guest screen 0, use the following:

     # on the host
     qemu -redir tcp:6001::6000 [...]
     # this host xterm should open in the guest X11 server
     xterm -display :1

To redirect telnet connections from host port 5555 to telnet port on the guest, use the following:

     # on the host
     qemu -redir tcp:5555::23 [...]
     telnet localhost 5555

Then when you use on the host telnet localhost 5555, you connect to the guest telnet server.

Linux boot specific: When using these options, you can use a given Linux kernel without installing it in the disk image. It can be useful for easier testing of various kernels.

-kernel bzImage
Use bzImage as kernel image.
-append cmdline
Use cmdline as kernel command line
-initrd file
Use file as initial ram disk.

Debug/Expert options:

-serial dev
Redirect the virtual serial port to host character device dev. The default device is vc in graphical mode and stdio in non graphical mode.

This option can be used several times to simulate up to 4 serials ports.

Use -serial none to disable all serial ports.

Available character devices are:

vc[:WxH]
Virtual console. Optionally, a width and height can be given in pixel with
          vc:800x600
     

It is also possible to specify width or height in characters:

          vc:80Cx24C
     

pty
[Linux only] Pseudo TTY (a new PTY is automatically allocated)
none
No device is allocated.
null
void device
/dev/XXX
[Linux only] Use host tty, e.g. /dev/ttyS0. The host serial port parameters are set according to the emulated ones.
/dev/parportN
[Linux only, parallel port only] Use host parallel port N. Currently SPP and EPP parallel port features can be used.
file:filename
Write output to filename. No character can be read.
stdio
[Unix only] standard input/output
pipe:filename
name pipe filename
COMn
[Windows only] Use host serial port n
udp:[remote_host]:remote_port[@[src_ip]:src_port]
This implements UDP Net Console. When remote_host or src_ip are not specified they default to 0.0.0.0. When not using a specified src_port a random port is automatically chosen.

If you just want a simple readonly console you can use netcat or nc, by starting qemu with: -serial udp::4555 and nc as: nc -u -l -p 4555. Any time qemu writes something to that port it will appear in the netconsole session.

If you plan to send characters back via netconsole or you want to stop and start qemu a lot of times, you should have qemu use the same source port each time by using something like -serial udp::4555@:4556 to qemu. Another approach is to use a patched version of netcat which can listen to a TCP port and send and receive characters via udp. If you have a patched version of netcat which activates telnet remote echo and single char transfer, then you can use the following options to step up a netcat redirector to allow telnet on port 5555 to access the qemu port.

Qemu Options:
-serial udp::4555@:4556
netcat options:
-u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T
telnet options:
localhost 5555

tcp:[host]:port[,server][,nowait][,nodelay]
The TCP Net Console has two modes of operation. It can send the serial I/O to a location or wait for a connection from a location. By default the TCP Net Console is sent to host at the port. If you use the server option QEMU will wait for a client socket application to connect to the port before continuing, unless the nowait option was specified. The nodelay option disables the Nagle buffering algorithm. If host is omitted, 0.0.0.0 is assumed. Only one TCP connection at a time is accepted. You can use telnet to connect to the corresponding character device.
Example to send tcp console to 192.168.0.2 port 4444
-serial tcp:192.168.0.2:4444
Example to listen and wait on port 4444 for connection
-serial tcp::4444,server
Example to not wait and listen on ip 192.168.0.100 port 4444
-serial tcp:192.168.0.100:4444,server,nowait

telnet:host:port[,server][,nowait][,nodelay]
The telnet protocol is used instead of raw tcp sockets. The options work the same as if you had specified -serial tcp. The difference is that the port acts like a telnet server or client using telnet option negotiation. This will also allow you to send the MAGIC_SYSRQ sequence if you use a telnet that supports sending the break sequence. Typically in unix telnet you do it with Control-] and then type "send break" followed by pressing the enter key.
unix:path[,server][,nowait]
A unix domain socket is used instead of a tcp socket. The option works the same as if you had specified -serial tcp except the unix domain socket path is used for connections.
mon:dev_string
This is a special option to allow the monitor to be multiplexed onto another serial port. The monitor is accessed with key sequence of <Control-a> and then pressing <c>. See monitor access pcsys_keys in the -nographic section for more keys. dev_string should be any one of the serial devices specified above. An example to multiplex the monitor onto a telnet server listening on port 4444 would be:
-serial mon:telnet::4444,server,nowait

-parallel dev
Redirect the virtual parallel port to host device dev (same devices as the serial port). On Linux hosts, /dev/parportN can be used to use hardware devices connected on the corresponding host parallel port.

This option can be used several times to simulate up to 3 parallel ports.

Use -parallel none to disable all parallel ports.

-monitor dev
Redirect the monitor to host device dev (same devices as the serial port). The default device is vc in graphical mode and stdio in non graphical mode.
-echr numeric_ascii_value
Change the escape character used for switching to the monitor when using monitor and serial sharing. The default is 0x01 when using the -nographic option. 0x01 is equal to pressing Control-a. You can select a different character from the ascii control keys where 1 through 26 map to Control-a through Control-z. For instance you could use the either of the following to change the escape character to Control-t.
-echr 0x14
-echr 20

-s
Wait gdb connection to port 1234 (see gdb_usage).
-p port
Change gdb connection port. port can be either a decimal number to specify a TCP port, or a host device (same devices as the serial port).
-S
Do not start CPU at startup (you must type 'c' in the monitor).
-d
Output log in /tmp/qemu.log
-hdachs c,h,s,[,t]
Force hard disk 0 physical geometry (1 <= c <= 16383, 1 <= h <= 16, 1 <= s <= 63) and optionally force the BIOS translation mode (t=none, lba or auto). Usually QEMU can guess all those parameters. This option is useful for old MS-DOS disk images.
-L path
Set the directory for the BIOS, VGA BIOS and keymaps.
-std-vga
Simulate a standard VGA card with Bochs VBE extensions (default is Cirrus Logic GD5446 PCI VGA). If your guest OS supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if you want to use high resolution modes (>= 1280x1024x16) then you should use this option.
-no-acpi
Disable ACPI (Advanced Configuration and Power Interface) support. Use it if your guest OS complains about ACPI problems (PC target machine only).
-no-reboot
Exit instead of rebooting.
-loadvm file
Start right away with a saved state (loadvm in monitor)
-semihosting
Enable semihosting syscall emulation (ARM and M68K target machines only).

On ARM this implements the "Angel" interface. On M68K this implements the "ColdFire GDB" interface used by libgloss.

Note that this allows guest direct access to the host filesystem, so should only be used with trusted guest OS.